Jay Sekora <[email protected]> (Fr 06 Sep 2019 22:17:31 CEST): > > According the the Git log, the $tls_in_sni variable should be available > > for >= 4.81. For <4.81 $tls_sni was the name. > Thansk! I saw that, but this is 4.82, and I get the same error with $tls_sni > . > > > Does "exim -be '$tls_in_sni'" complain too? And "exim -be '$tls_sni'"? > > Yes: > > $ exim -be '$tls_in_sni' > Failed: unknown variable name "tls_in_sni" > > $ exim -be '$tls_sni' > Failed: unknown variable name "tls_sni" > > $ exim -bV > Exim version 4.82 #2 built 10-Feb-2018 19:43:30 > Copyright (c) University of Cambridge, 1995 - 2013 > (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2013 > Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013) > Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS > move_frozen_messages Content_Scanning DKIM Old_Demime
May be an issue with GnuTLS?
I just downloaded the Ubuntu package source from launchpad and built
Exim with a minimal build configuration. And - voila - the variable does
not exist! I'm not able to build it with OpenSSL, as my installed -dev
libraries are not compatible with the old sources.
… some more checking.
src/exand.c:
#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
{ "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the
alphabetical order! */
#endif
But nevertheless, your Exim is vulnerable. Unfortunnatly the ACL trick
doesn't work. You can do "binary patching".
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
